How to get integrated credentials from anonymous access

I want to allow both anonymous and integrated access to a web service
simultaneously. That is, if the calling user can be authenticated on the
server, I want the calling user's username. If not, I still want them to be
able to access the web service.

The documentation suggests that this is not possible, because if IIS allows
anonymous, it doesn't pass the caller's credentials on to ASP.NET. This
must not be true, however, because I can allow anonymous in IIS, but set
<deny users="?" /> in web.config and get the WindowsIdentity for the caller
that way. So it seems to me that IIS *must* pass those credentials on to
ASP.NET, which then makes the decision to reject the request if it's from an
unrecognized user.

So. Is there a way to "tap in" to that process, so that I can get the
username of a recognized user, but still allow access by unrecognized users?

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!